: Is there any good reason I would want my website to be framed? I'm building a website that's not security-critical in any way at all, so having somebody put a page in an <iframe> is

I'm building a website that's not security-critical in any way at all, so having somebody put a page in an <iframe> is not particularly dangerous to its users. However, as my website doesn't have script plugins that will be used anywhere else, is there any reason why I shouldn't just apply:

X-Frame-Options: Deny

to every page on my website? Is there any valid reason for any other website to embed mine? I've seen plenty of content-stealing ones and attempts to hijack user accounts, but never an actual good usage of frames that's not an explicit feature of the website.

10.01% popularity Vote Up Vote Down

: Don't be afraid to use bcrypt! It is not for high security sites only, and using it can be as easy, as using an md5 hash. It won't make your application more complicated to have a random

@Murray432

0 Comments

: Cookies Audit help Someone can explain to me what is the purpose of these cookies? I'm doing a cookies audit and I didn't find anything on the web Domain: google.com(google maps), Name: NID

@Murray432

Posted in: #Cookie

0 Comments

: Use the internet wayback machine at http://archive.org/web/web.php. You can search for any site and see a timeline of how it's evolved over the years. Classic examples would of course be Yahoo,

@Murray432

0 Comments

: Are there considerations for expiring SSL certs for inactive domains? I have a few domains that have effectively been "retired" though our company plans to keep them registered in perpetuity.

@Murray432

Posted in: #Https #Security

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Dunderdale272

Some folks get a fair amount of traffic by allowing themselves to be framed by social network sharing sites like StumbleUpon - if your page is at all likely to be shared, I'd avoid doing this, and handle instances of framing in another way.

Also, your site can already be sucked in and repurposed by benign services like Google Translate - and I believe an HTTP header like that won't prevent that kind of usage.

10% popularity Vote Up Vote Down

Feed

: Is there any good reason I would want my website to be framed? I'm building a website that's not security-critical in any way at all, so having somebody put a page in an <iframe> is

More posts by @Murray432

: Don't be afraid to use bcrypt! It is not for high security sites only, and using it can be as easy, as using an md5 hash. It won't make your application more complicated to have a random

: Cookies Audit help Someone can explain to me what is the purpose of these cookies? I'm doing a cookies audit and I didn't find anything on the web Domain: google.com(google maps), Name: NID

: Use the internet wayback machine at http://archive.org/web/web.php. You can search for any site and see a timeline of how it's evolved over the years. Classic examples would of course be Yahoo,

: Are there considerations for expiring SSL certs for inactive domains? I have a few domains that have effectively been "retired" though our company plans to keep them registered in perpetuity.

Login to post a comment!

1 Comments

Back to top | Use Dark Theme